Embodiments of the present invention relate to software testing and in particular static code analysis.
In static code analysis, a software application is tested without actually executing the application. The software application is typically tested by processing and analyzing the source code of the application prior to compiling the code. The entire source code of the application, or only portions of the source code, may be analyzed. The source code may be analyzed for one or more of a variety of purposes, such as for identifying possible coding errors, determining properties (e.g., operational behaviors) of the software application, etc.
As software applications become larger and more complex, performing accurate, timely, and efficient static code analysis is becoming increasingly difficult. Typical static code analyzers traverse the source code of an application and, as they traverse, they run into control flows where a plurality of paths may be taken. To ensure a holistic test, the static code analyzers traverse all possible paths. While traversing all possible paths may ensure that every possible execution path is tested, it also results in significant inefficiencies as paths that could not actually be followed during runtime (i.e., impossible execution paths) are also tested. Further, various other problems also arise when performing static code analysis on source code that makes use of modern programming paradigms such as object oriented programming, inversion of control, dependency injection, and aspect oriented programming.